isrstealer | 8600ba5fe6af2bb5f70e162bf22e34bf558a2dd9820ba50e2e5e2cdf71c3e5f4

Analysis

max time kernel
46s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8600ba5fe6af2bb5f70e162bf22e34bf558a2dd9820ba50e2e5e2cdf71c3e5f4.exe
Size

732KB
MD5

0c0d93d9f6bdf6d06f2f5365bfce847f
SHA1

14ce91343363e99b28b66a459dcf22daccd3ec55
SHA256

8600ba5fe6af2bb5f70e162bf22e34bf558a2dd9820ba50e2e5e2cdf71c3e5f4
SHA512

56817e714e9b051ee0577a69b21804548aaf868603d55ce845268e8b1b77c5b77a2ffee0bdbe3064af05f7d12611bef081dc7eb20e38858700dfba1fbf25db6b
SSDEEP

12288:iGKeZUuWhwjwZbwd1WT9uUY+N32aGvUpRMguefuOl7dlEm:fHuuGwdoTbBAWcyvEm

Score

10^/10

isrstealer stealer trojan upx

Malware Config

Signatures

ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
trojan stealer isrstealer

ISR Stealer payload 2 IoCs

resource	yara_rule
behavioral2/memory/3380-134-0x0000000000400000-0x000000000045A000-memory.dmp	family_isrstealer
behavioral2/memory/3380-140-0x0000000000400000-0x000000000045A000-memory.dmp	family_isrstealer

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2268-146-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2268-147-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2268-143-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2268-148-0x0000000000400000-0x0000000000453000-memory.dmp	upx

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

C:\Users\Admin\AppData\Local\Temp\8600ba5fe6af2bb5f70e162bf22e34bf558a2dd9820ba50e2e5e2cdf71c3e5f4.exe
"C:\Users\Admin\AppData\Local\Temp\8600ba5fe6af2bb5f70e162bf22e34bf558a2dd9820ba50e2e5e2cdf71c3e5f4.exe"
1⤵
PID:1712
- C:\Users\Admin\AppData\Local\Temp\vbc.exe
  C:\Users\Admin\AppData\Local\Temp\vbc.exe
  2⤵
  PID:3380
- - C:\Users\Admin\AppData\Local\Temp\vbc.exe
    /scomma "C:\Users\Admin\AppData\Local\Temp\dGNZ3IeldH.ini"
    3⤵
    PID:2268

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\vbc.exe

Filesize
39KB

MD5
a5a8219981593e6a0b3f12e6e8ad5590

SHA1
48fc4158b896ae96a3ec70451d654d9fc78f650c

SHA256
c8049936bec66c302d8abc7a05223df3cdc96fd12d2b476625cf7e35e055bd03

SHA512
15681541876e001f3e9081d5271639372d40aa059eb9072723c250f558d5f6e0d9dbf9638974965c7b496af819f85d6765e0799e2587fa2e5b9023b122224261

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbc.exe

Filesize
17KB

MD5
a7786f63ad6bf9b6295a35b4820f0e30

SHA1
562c9c7c38489081edc31c689b8fca8998e29310

SHA256
9642c67f9af4861090d3ec5a5f10104181d87bd7a36caebc213cff4887bebf34

SHA512
2e484092e6a1ac725ab12e930ac23426484dc87e4554a4e840500116a93eb0e98e0b165048d94f94ef5e76cd2ad9d2e1f1ff95fc276f9fe1357f1ad12fdb3189

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbc.exe

Filesize
50KB

MD5
89d17000eee1408b23bd22e0e6a431d0

SHA1
0706c638a12a285ee962d9da622182ce4538b259

SHA256
c0acac00c07baaaf215957a4a603243c70ab7f3f2ee2fb333bdc36f4c61e3994

SHA512
fb39b030bf35bd79d8c77fd1635af17d4df6e45aa91e41139e7fae251d4be356d92ab0594531a959f9a1029ca8c54f6f2ee280e961c24df3e15bb6efa5cdbb58

Download Submit
memory/1712-139-0x0000000075340000-0x00000000758F1000-memory.dmp

Filesize
5.7MB

Download
memory/1712-132-0x0000000075340000-0x00000000758F1000-memory.dmp

Filesize
5.7MB

Download
memory/2268-147-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2268-146-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2268-143-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2268-148-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3380-140-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3380-134-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download